CN100493048C - Multimedia communication proxy system and method capable of traversing network address translation and firewalls

Publication number: CN100493048C
Authority: CN (China)
Prior art keywords: private network, agency, network, gateway, public network
Legal status: Expired - Fee Related
Application number: CNB2004100840706A
Other languages: Chinese (zh)
Other versions: CN1764172A (en)
Inventors: 马跃, 王炜, 皮人杰, 黄杨, 周长树, 俞利强
Current Assignees: Beijing Vanlink network technology Limited by Share Ltd.; Beijing Zhonghe Rongzhi Electronics Technology Co.,Ltd.
Original Assignee: BEIJING VANLINK NETWORK TECHNOLOGIES Co Ltd
Landscapes: Data Exchanges In Wide-Area Networks

Abstract

The invention discloses a multimedia communication proxy system that can traverse network address translation (NAT) and firewalls. It comprises: a public network proxy 1, a public network device 2, a media forwarding server 3, a private network proxy 4, a private network gateway A-5, a private network proxy B-6, and a private network gateway B-7. Each private network proxy manages its gateway and communicates with the public network proxy; the public network proxy forwards information in both directions between the private network proxy and the public network device; the media forwarding server forwards the media stream between the private network proxy and the public network device. The invention can connect different gateways, improves processing efficiency and saves public network bandwidth, and is therefore of significance for multimedia data traversing NAT and firewalls.

Description

Multimedia communication proxy system and method capable of traversing network address translation and firewalls
Technical field
The present invention relates to the field of multimedia communication, and in particular to a multimedia communication proxy system and method capable of traversing network address translation and firewalls.
Background art
With the rapid development of broadband IP network services, packet-based multimedia communication standards such as H.323, SIP (Session Initiation Protocol) and MGCP (Media Gateway Control Protocol) are widely used in video conferencing and IP telephony. IP telephony services in particular have developed quickly, for example the public IP telephone shops found in cities across the country and unified voice and data networks dedicated to enterprises. At the same time, for reasons of network security, most organizations and enterprises use NAT (Network Address Translation) or have deployed firewalls. Multimedia communication protocols require terminals to use each other's IP addresses and ports to establish data channels. Because a firewall is usually configured to block unsolicited external packets, a terminal behind the firewall cannot receive calls from outside. Even if the firewall opens one port to receive the initial packets of a call, some protocols (for example H.323) also require a number of dynamically allocated ports for receiving call control information and establishing voice and video data channels. Multimedia communication would therefore only be possible with all firewall ports open, at which point the firewall would have lost its purpose.
On the other hand, some organizations and enterprises have built local area networks (LANs) that use private IP addresses for ease of management and application, and must use NAT when access to the public network is needed. Calls between terminals inside the LAN work without any problem, but problems arise when communicating with public network terminals, because the IP addresses in the LAN are private and cannot be routed on the Internet. First, when a terminal in the LAN calls an external terminal, the call connection can be established, but the terminal in the LAN cannot receive the voice and video packets sent by the public network terminal. Second, a terminal in the LAN cannot receive calls from public network terminals.
Proxy technology can therefore be used to solve the NAT and firewall traversal problem. A proxy makes a terminal-to-terminal call appear as two separate calls: one from the terminal on the private network to the proxy, the other from the proxy to the terminal on the public network. By relaying the call in this way, the proxy solves the NAT and firewall traversal problem.
To overcome the above problems, the approach in common use today is tunnel traversal. This technique mainly consists of two key components: a multimedia traversal server and an access web server. The basic principle of tunnel traversal is similar to an HTTP service: the private network first initiates a connection to the Internet, which forms an address mapping on the NAT between the access web server and the public network proxy, so that the public network can communicate with the private network over one or more such links; the firewall likewise permits this kind of service.
Although this technique can traverse NAT and firewalls to some extent, when one private network gateway needs to reach another private network gateway in the same private network, the call still has to go through the external network. The path from the private network to the public network and from the public network back to the private network occupies twice the egress bandwidth and wastes network resources. In addition, because the private network processing function is at present generally integrated into the gateway, its scope of application is limited to the products of a single vendor, which are not compatible or interoperable with other vendors' products. Furthermore, the public network processing equipment in this scheme integrates the media stream forwarding function, so distributed media switching cannot be achieved.
Summary of the invention
The problem to be solved by the present invention is to provide a multimedia communication proxy system that traverses NAT and firewalls, overcoming the defect of the prior art in which a private network gateway reaching another private network gateway in the same private network must detour through the public network and thus occupies twice the egress bandwidth.
The present invention further addresses the defects of the prior art that its scope of application is narrow and that it is incompatible with other vendors' products.
The present invention also addresses the defect that the public network processing equipment integrates the media stream forwarding function, so that distributed media switching cannot be achieved.
To this end, the present invention provides a multimedia communication proxy system that traverses NAT and firewalls, comprising a private network proxy, a public network proxy, a media forwarding server, a private network gateway and a public network device;
The private network proxy manages the private network gateway, integrates the private network communication management function, and forwards information between the private network gateway and the public network proxy. Within one private network, communication between private network gateways belonging to the same private network proxy is managed by that proxy; communication between private network gateways belonging to different private network proxies is managed through negotiation between the respective proxies;
The public network proxy forwards messages between the private network proxy and the public network device;
The media forwarding server communicates with the private network proxy and the public network device over the Internet.
The media forwarding server is connected to more than one private network proxy at the same time, and each media forwarding server communicates with the private network proxy and the public network device over the Internet at the same time.
The public network device comprises a public network gateway and a public network softswitch platform.
The media forwarding server is connected to the private network proxy using the Transmission Control Protocol (TCP).
The private network proxy is connected to the public network proxy using the Transmission Control Protocol.
The standard signaling sent by the private network gateway to the private network proxy, and by the private network proxy to the public network proxy, comprises the various signaling messages of the H.323, SIP and MGCP call procedures.
The invention also provides a method that uses the multimedia communication proxy system to let multimedia data traverse network address translation and firewalls, comprising the following steps:
(1) The private network gateway sends a registration request to the private network proxy. The private network proxy then asks the public network proxy to allocate a corresponding port to replace the registration port of the private network gateway, and the public network proxy returns the allocated port information to the private network proxy. The private network proxy modifies the address information, and the request is then forwarded to the public network softswitch platform.
(2) A call channel is established between the private network proxy and the public network proxy: when the signaling listening port of the private network proxy receives a call admission request, it determines whether the called gateway is managed by the same private network proxy. If so, the called gateway's address is sent to the calling gateway. Otherwise it determines whether the called gateway is managed by a different private network proxy in the same private network; if so, the called gateway's address is sent to the calling gateway. Otherwise the address of the called gateway is obtained through communication between the private network proxy and the public network proxy.
(3) The private network proxy and the public network proxy cooperate to set up the call between the private network gateway and the public network device and negotiate the media addresses; the private network proxy then cooperates with the media forwarding server to establish the multimedia channel.
(4) Multimedia data is forwarded over the multimedia channel thus established.
Before step (1), a Transmission Control Protocol connection is established between the private network proxy and the public network proxy.
The media forwarding server and the private network proxy are connected using the Transmission Control Protocol.
As can be seen from the technical scheme provided above, the system integrates the private network call management function into the private network proxy, so that gateways in the same private network can communicate without detouring through the public network, saving half of the egress bandwidth. In addition, the private network proxy is independent of the gateway device, so gateway devices from multiple vendors can be attached. A media stream forwarding server can work with several private network proxies, and several media servers can be deployed on the Internet at the same time, which avoids excessive traffic in any one area of the network, makes the network run more smoothly and improves efficiency. The present invention therefore clearly remedies the defects of the prior art and is of significance for solving the problem of multimedia data traversing NAT and firewalls.
Description of the drawings
Fig. 1 is a structural diagram of the multimedia communication proxy system that lets multimedia data traverse NAT and firewalls;
Fig. 2 shows the registration process of the multimedia communication proxy system;
Fig. 3 shows the deregistration process of the multimedia communication proxy system;
Fig. 4 shows the media forwarding process of the multimedia communication proxy system;
Fig. 5 shows the H.323 call setup process of the multimedia communication proxy system;
Fig. 6 shows the MGCP call setup process of the multimedia communication proxy system;
Fig. 7 shows the SIP call setup process of the multimedia communication proxy system.
Embodiments
The invention mainly concerns how to make the H.323, MGCP and SIP protocols traverse NAT and firewalls. It is suitable for enterprises or residential communities that have installed a NAT gateway, or have their own private network addresses, and at the same time wish to use applications that depend on end-to-end connectivity, such as VoIP (Voice over IP).
The basic network topology is shown in Fig. 1 and comprises: private network proxy A-4, private network gateway A-5, public network proxy-1, public network device-2, media forwarding server-3, private network proxy B-6 and private network gateway B-7.
The public network proxy is separate from the media forwarding server, so that more than one media stream forwarding server can be deployed in the same system at the same time. This achieves distributed media switching: the two opposite media streams of one call are forwarded by different media forwarders. The media forwarding server is connected to the private network proxy using the Transmission Control Protocol.
In a system using the H.323 protocol, the public network device-2 in Fig. 1 comprises a public network H.323 gateway and a public network gatekeeper, the public network gatekeeper being the public network softswitch platform. Private network proxy A manages private network gateway A, private network proxy B manages private network gateway B, and both communicate with the public network proxy. The public network proxy is responsible for forwarding messages from the private network proxy to the public network device. During media forwarding, the media forwarding server communicates with the private network proxy and the public network device. The private network proxy integrates the private network gatekeeper function, which is the private network call management function. A gatekeeper is the management device of an IP telephony network; it provides functions such as address resolution, device access authentication management, bandwidth management and resource management.
Each private network can contain more than one private network proxy, and each private network proxy can manage more than one private network gateway. When the signaling listening port of a private network proxy receives a call admission request, it first determines whether the called gateway is managed by the same private network proxy as the calling gateway. If so, the called gateway's address is sent to the calling gateway. Otherwise it determines whether the called gateway is managed by a different private network proxy in the same private network; if so, the called gateway's address is obtained through cooperation between the two private network proxies and then sent to the calling gateway. Otherwise the address of the called gateway is obtained through communication and signaling forwarding between the private network proxy and the public network proxy.
The tunnel connection between the private network proxy and the public network proxy is a Transmission Control Protocol connection. The private network proxy works in active mode: after power-up it actively connects to the public network proxy. The public network proxy works in passive mode and accepts the connection initiated by the private network proxy. The signaling sent by the private network gateway to the private network proxy, and by the private network proxy to the public network proxy, comprises the standard signaling of the H.323, SIP and MGCP call procedures.
The private network proxy has the private network gatekeeper function: all gateways in the private network actually register with their own private network proxy. Then, through cooperation between the private network proxy and the public network proxy, the ports allocated on the public network proxy are substituted for the registration information of the private network gateway, and the private network proxy, simulating the private network gateway, registers with the public network gatekeeper. At system initialization the private network proxy, acting as the private network gatekeeper, listens on UDP (User Datagram Protocol) port 1719 (the default RAS registration port) and TCP port 1720 (the default H.225.0 call signaling port), waiting for the RAS signaling and H.225.0 signaling sent by the private network gateways.
Application of the present invention comprises: the registration process, the deregistration process, the call establishment process, the call release process and the multimedia forwarding process.
The registration process is shown in Fig. 2. When the RAS signaling port of the private network proxy receives a registration request message from the private network gateway, the private network proxy uses the tunnel to the public network proxy to ask the public network proxy to open and listen on one TCP address and one UDP address. The public network proxy allocates a local TCP address TA1 and a local UDP address UA1 to stand in for the registration address information of the registration request, that is, the private network gateway's TCP address TA2 and UDP address UA2; it associates the two groups of addresses and replies to the private network proxy. After receiving the port information returned by the public network proxy, the private network proxy replaces the registration fields in the registration message and sends it through the tunnel to the public network proxy, which forwards it to the public network gatekeeper. When UDP address UA1 of the public network proxy receives the registration request ACK packet from the public network gatekeeper, the ACK packet is forwarded in turn to the private network proxy, which forwards it to the private network gateway.
Fig. 3 shows the deregistration process, whose principle is the same as that of registration. The private network gateway sends a deregistration request to the private network proxy, which sends the deregistration request to the public network gatekeeper over the channel to the public network proxy. The public network gatekeeper then sends a deregistration confirmation to the public network proxy, the public network proxy sends the deregistration confirmation to the private network proxy, and the private network proxy sends the deregistration confirmation to the private network gateway and sends a close-address indication to the public network gatekeeper.
The call establishment process is shown in Fig. 4. When the RAS signaling port of private network proxy 1 receives a "call request" message from a private network gateway, it first searches locally for the destination number in the "call request" message. If the target is found, the call is between two gateways managed by the same private network proxy in the same private network, so the proxy directly returns a "call accept" message that tells the calling gateway the address information of the called gateway. If the target is not found locally, the proxy checks whether an inter-domain route exists by matching the domain prefix. If there is a matching entry, it sends a "location request" query message to the other private network proxy 2 (gatekeeper) in the same private network that corresponds to this prefix. On receiving the "location request", private network proxy 2 searches the gateways under its own management and, if it finds the target, returns the address information in a "location confirm" message. Private network proxy 1, which initiated the query, takes the address information out of the "location confirm" and returns it to the calling gateway in a "call accept". If the address information is not in the management domain of private network proxy 2, proxy 2 returns a "location reject". Private network proxy 1 can then determine that the call is destined for the public network; it modifies the relevant fields of the "call request" and sends it to the public network gatekeeper. The public network gatekeeper looks up the registration information and replies with a "call accept" message to the corresponding port on the public network proxy. After obtaining the "call accept", the public network proxy sends an "open connection request" to the private network proxy. On receiving the "open connection request", the private network proxy stores the destination information it contains, sends an "open connection confirm" to the public network proxy, and sends a "call accept" to the calling gateway, notifying the gateway that this call has been changed to a gatekeeper-routed call and that the call signaling address is the private network proxy's call signaling address. The call release process is the reverse of the call establishment process.
When call signaling port 1720 of the private network proxy receives H.225.0 call control signaling from a private network gateway, it replaces the private network gateway address information carried inside the TCP signaling, and then uses the tunnel to tell the public network proxy to establish a TCP connection to the peer public network device. After receiving confirmation that the connection is established, it encapsulates the signaling message and forwards it through the tunnel to the public network proxy, which forwards it to the peer public network device. Messages from the peer device are returned to the TCP port that the public network proxy allocated for this private network gateway, forwarded by the public network proxy to the private network proxy, and finally delivered by the private network proxy to the private network gateway.
After call setup is complete, the media forwarding process begins, as shown in Fig. 5. Media address information may be negotiated using the standard H.245 procedure or using the fast start procedure. The private network proxy therefore needs to analyze the TCP messages received on TCP port 1720 and the channel messages it receives. When the private network proxy receives a forwarded "call setup" signaling message, it sends an "open channel request" over its TCP circuit to the media forwarding server it belongs to. The media forwarding server then allocates two pairs of UDP addresses: UA3, UA4, UA5 and UA6. UA3 (RTP, Real-time Transport Protocol) and UA4 (RTCP, Real-time Transport Control Protocol) serve as the peer's media receiving addresses for this call, that is, the media address information of the public network device that the private network proxy announces to the private network gateway; the private network gateway sends voice packets directly to this address. UA5 (RTP) and UA6 (RTCP) are carried in the H.225.0 signaling forwarded to the public network proxy, which forwards it to the communication terminal on the public network. The public network device then sends voice packets to that port on the media forwarding server. The media forwarding server sends the received voice packets, through the RTP port allocated to the private network, to the private network proxy; the private network proxy uses its port mapping table to determine which private network gateway the packets should go to and forwards the voice packets. When the call ends, the private network proxy sends a "close channel request" to the media forwarding server, asking it to stop listening on these two groups of ports, thereby releasing the resources and ending the call.
This scheme is equally applicable to the MGCP protocol. In a system using MGCP, private network proxy A manages private network gateway A, private network proxy B manages private network gateway B, and both communicate with the public network proxy. The public network proxy is responsible for forwarding messages from the private network proxy to the public network device. During media forwarding, the media forwarding server communicates with the private network proxy and the public network device. As in Fig. 1, the public network device-2 in an MGCP system is the public network media gateway controller and the public network media gateway; the public network media gateway controller is mainly responsible for call logic control and completes the call service.
A private network has more than one private network proxy, and a private network proxy manages more than one private network gateway. The connection between the private network proxy and the public network proxy is a Transmission Control Protocol connection. The signaling sent by the private network gateway to the private network proxy, and by the private network proxy to the public network proxy, consists of MGCP control messages.
The private network proxy plays the role of media gateway controller within the private network; the private network gateway treats the private network proxy as its media gateway controller, registering with it and sending notifications to it. The private network proxy listens on the media gateway controller's service port. During communication, the call management module of the private network proxy records key parameters of the call procedure, modifies the corresponding signaling addresses and forwards the messages to the public network proxy, which forwards them to the public network media gateway controller.
When a private network gateway initiates a request to the private network proxy and the private network proxy is not yet bound to the public network proxy, the private network proxy sends a bind request to the public network proxy. The public network proxy waits for the private network proxy to establish the link with it, and receives the MGCP control message signaling sent by the private network proxy.
The private network gateway is preconfigured with the private network proxy as its media gateway controller; apart from the IP address, the media gateway controller configuration is identical to that of the public network media gateway controller.
The registration process is shown in Fig. 2. When the MGCP signaling port of the private network proxy receives a registration request message from a private network gateway, it requests a UDP port from the public network proxy over the control channel between the private network proxy and the public network proxy. The public network proxy allocates a local UDP port (assumed to be 5001), associates this group of addresses and replies to the private network proxy. After receiving the port information returned by the public network proxy, the private network proxy creates a binding entry.
Fig. 3 shows the deregistration process, whose principle is the same as that of registration. The private network gateway sends a deregistration request to the private network proxy, which sends the deregistration request to the public network gateway over the channel to the public network proxy. The public network gateway then sends a deregistration reply to the public network proxy, the public network proxy sends the deregistration reply to the private network proxy, and the private network proxy sends the deregistration reply to the private network gateway and sends a close-port request to the public network proxy, closing the control channel.
The call handling process is shown in Fig. 6. All MGCP notification messages from the private network gateway are sent to the private network proxy. The private network proxy processes each message according to its type (the processing rules are given in the next paragraph) and forwards it over the control channel to the public network proxy, which forwards it to the public network media gateway controller. Because the system is required to follow the principle of generality, no control message can be sent directly by the private network proxy to the public network media gateway controller.
In calling procedure, the type of private network agents monitor MGCP control messages, it carries out differentiating and processing for call control message that contains SDP (Session Description Protocol, Session Description Protocol) and the control messages that do not contain SDP.For not containing SDP message, the private network agency does not revise message content, directly to public network agency or private network gateway forwards.For the order that comprises SDP message, need do respective handling (processing mode is seen following elaboration) and transmit to the public network agency then.
After the private network proxy receives a control message containing SDP information from the private network gateway, it checks whether the communication endpoint is already bound to the media forwarding server. If it is not, the proxy sends an open-media-channel request to the media forwarding server over the control channel between the private network proxy and the media forwarding server. The media forwarding server allocates two groups of ports (RTP/RTCP port pairs) for the request: one pair (public network address 1) serves as the address for media communication with the private network gateway, and the other pair (public network address 2) receives the media stream sent by the public network gateway and forwards it to the internal gateway. The media forwarding server returns the address information of the two allocated pairs to the private network proxy in the open-media-channel reply.
After receiving the media forwarding server's reply, the private network proxy records the address mapping, replaces the media address in the original MGCP control message (private network address 1) with public network address 2 on the media forwarding server, and forwards the message to the public network proxy, which forwards it to the public network media gateway controller. The public network gateway thereby obtains the media listening address (public network address 2) on the media forwarding server. At the same time, the private network proxy uses a proprietary mechanism to open and maintain a media channel from the private network proxy to public network address 1 on the media forwarding server. The media stream of an incoming call travels along the path public network gateway → media forwarding server → private network proxy → private network gateway.
When the private network proxy receives a media channel control message carrying SDP information that was forwarded by the public network proxy, suppose the public network gateway media address carried in the SDP is public network address 3. The proxy first checks whether the connection forms a loopback, that is, private network gateway → private network proxy → media forwarding server → private network proxy → private network gateway (all private network devices here are devices inside the same private network). A loopback indicates that the call is internal to the private network.
If the connection is a loopback, let the destination private network gateway of the control message be private network gateway 1, with media communication address private network address 1, and let the peer private network gateway be private network gateway 2, with media communication address private network address 2. This information is retained on the private network proxy throughout the call. The proxy then avoids the loopback as follows: it replaces public network address 3 with private network address 2 and forwards the message to private network gateway 1, and it sends an MGCP modify-connection request to the peer private network gateway 2, carrying private network address 1 as the media address.
If the connection is not a loopback, the private network proxy records the relevant parameters and forwards the control message unmodified to the private network gateway. The outgoing media stream of the private network gateway travels along the path private network gateway → public network gateway.
Call release: delete-connection control messages of the private network gateway are inspected. When a connection is deleted, a close-media-channel request is sent to the media forwarding server over the control channel between the private network proxy and the media forwarding server, closing the media forwarding channel between the private network proxy and the media forwarding server.
Media forwarding proceeds as described for call establishment. When communicating with a public network gateway, the outgoing media stream path is private network gateway → public network gateway, and the incoming media stream path is public network gateway → media forwarding server → private network proxy → private network gateway. For media streams internal to the private network, the path is private network gateway 1 → private network gateway 2.
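The SDP handling of the private network proxy described above (binding check, address replacement, loopback avoidance and release), as an added Python example that is not code from the patent. The class and function names, the single-audio-stream SDP, the port numbering and all addresses are assumptions constructed for illustration.

```python
import re

# Constructed sample: SDP body in a control message from private gateway 1.
SAMPLE_SDP = ("v=0\r\no=- 1 1 IN IP4 192.168.1.10\r\ns=-\r\n"
              "c=IN IP4 192.168.1.10\r\nt=0 0\r\nm=audio 4000 RTP/AVP 0\r\n")

class MediaForwardingServer:
    """Hypothetical stand-in: answers an open-media-channel request with two
    RTP/RTCP port pairs on its public IP."""
    def __init__(self, public_ip, first_port=20000):
        self.public_ip, self.next_port = public_ip, first_port

    def open_media_channel(self):
        addr1 = (self.public_ip, self.next_port)      # public address 1: leg to the private side
        addr2 = (self.public_ip, self.next_port + 2)  # public address 2: leg to the public gateway
        self.next_port += 4                           # each pair: RTP on n, RTCP on n+1
        return addr1, addr2

def read_media_addr(sdp):
    """Return (ip, port) from the c= and m= lines, or None if the body has no SDP."""
    c = re.search(r"^c=IN IP4 (\S+)", sdp or "", re.M)
    m = re.search(r"^m=audio (\d+)", sdp or "", re.M)
    return (c.group(1), int(m.group(1))) if c and m else None

def write_media_addr(sdp, addr):
    """Rewrite only the media address (c= and m=); o= and other lines stay untouched."""
    sdp = re.sub(r"^(c=IN IP4 )\S+", lambda m: m.group(1) + addr[0], sdp, flags=re.M)
    return re.sub(r"^(m=audio )\d+", lambda m: m.group(1) + str(addr[1]), sdp, flags=re.M)

class PrivateProxy:
    def __init__(self, mfs):
        self.mfs = mfs
        self.bindings = {}  # gateway name -> {"private": addr, "addr1": addr, "addr2": addr}

    def outbound(self, gateway, body):
        """Control message body from a private gateway, headed for the public proxy."""
        private = read_media_addr(body)
        if private is None:
            return body                                # no SDP: forward unmodified
        if gateway not in self.bindings:               # endpoint not yet bound: open a channel
            addr1, addr2 = self.mfs.open_media_channel()
            self.bindings[gateway] = {"addr1": addr1, "addr2": addr2}
        self.bindings[gateway]["private"] = private    # record the address mapping
        return write_media_addr(body, self.bindings[gateway]["addr2"])

    def inbound(self, gateway, body):
        """Body from the public proxy for `gateway`. Returns (body, modify_request)."""
        remote = read_media_addr(body)                 # "public address 3" in the text
        for peer, b in self.bindings.items():
            if remote is not None and peer != gateway and b["addr2"] == remote:
                # Loopback: the remote address is this proxy's own relay allocation.
                mine = self.bindings.get(gateway)
                # Assumption: no modify request if the destination has sent no SDP yet.
                modify = (peer, mine["private"]) if mine else None
                return write_media_addr(body, b["private"]), modify
        return body, None                              # not a loopback: forward unmodified

    def release(self, gateway):
        """Delete-connection seen: drop the binding (close-media-channel request goes here)."""
        return self.bindings.pop(gateway, None) is not None
```

The `modify_request` tuple returned by `inbound` names the peer gateway and the private address it should be told to send media to, which corresponds to the modify-connection request in the loopback case.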
This scheme is equally applicable to SIP (Session Initiation Protocol). In a system using SIP, as in Fig. 1, private network proxy A manages private network gateway A and private network proxy B manages private network gateway B, and they communicate with the public network proxy. The public network proxy is responsible for forwarding messages from the private network proxies to the public network equipment. The media forwarding server communicates with the private network proxies and the public network equipment during media forwarding. In SIP, public network equipment-2 comprises the public network call agent, the public network registrar and the public network gateway.
A private network has one or more private network proxies, and each private network proxy serves one or more private network gateways. The connection between the private network proxy and the public network proxy is a transmission control channel. The signaling sent from the private network gateway to the private network proxy, and from the private network proxy to the public network proxy, consists of SIP messages.
The registration process is shown in Fig. 2. When the SIP signaling port of the private network proxy receives a registration request message from the private network gateway, the proxy requests a UDP port from the public network proxy through the tunnel between the private network proxy and the public network proxy. The public network proxy allocates a local UDP port, associates it with this group of addresses, and replies to the private network proxy. After receiving the port information in the public network proxy's reply, the private network proxy creates a binding table entry.
Fig. 3 shows the deregistration process, which works on the same principle as registration. The private network gateway sends a deregistration request to the private network proxy, and the private network proxy sends the deregistration request to the public network gateway through its channel to the public network proxy. The public network gateway then sends a deregistration reply to the public network proxy, the public network proxy sends the deregistration reply to the private network proxy, and the private network proxy sends the deregistration reply to the private network gateway and sends close-port information to the public network gateway.
The call handling process is shown in Fig. 7. The private network gateway sends all SIP notification messages to the private network proxy. The private network proxy processes each message according to its type (the processing rules are given in the next paragraph) and forwards it over the control channel to the public network proxy, which then forwards it to the public network call agent or the public network registrar.
During a call, the private network proxy monitors the type of each SIP control message and handles call control messages that contain SDP differently from control messages that do not. Messages without SDP are forwarded to the public network proxy with their content unmodified, and the public network proxy then forwards them to the public network call agent or the public network registrar. Commands that contain SDP are processed accordingly and then forwarded to the public network proxy.
For SIP, the modification of signaling content and the media handling are the same as for MGCP.
In addition, the present invention is mainly applied to multimedia communication proxy systems and methods that let multimedia data traverse NAT and firewalls, but it is not limited to this: it is equally applicable to other multimedia communication protocols. Furthermore, for those skilled in the art, systems and methods in other networks that adopt the same principle without departing from the principle of the invention also fall within the scope of protection of the present invention.

Claims (9)

1. A multimedia communication proxy system capable of traversing network address translation and firewalls, comprising a private network proxy, a public network proxy, a media forwarding server, a private network gateway and public network equipment, characterized in that:
the private network proxy is used to manage the private network gateways, integrates private network communication management functions, and forwards information between the private network gateways and the public network proxy; within the same private network, communication between private network gateways belonging to the same private network proxy is managed by that private network proxy, and communication between private network gateways belonging to different private network proxies is managed through negotiation between the respective private network proxies;
the public network proxy is used to forward messages between the private network proxy and the public network equipment;
the media forwarding server communicates with the private network proxy and the public network equipment over the Internet.
2. The multimedia communication proxy system capable of traversing network address translation and firewalls as claimed in claim 1, characterized in that: the media forwarding server is connected to one or more private network proxies at the same time, and each media forwarding server communicates with the private network proxy and the public network equipment over the Internet at the same time.
3. The multimedia communication proxy system capable of traversing network address translation and firewalls as claimed in claim 1, characterized in that: the public network equipment comprises a public network gateway and a public network soft-switch platform.
4. The multimedia communication proxy system capable of traversing network address translation and firewalls as claimed in claim 1, characterized in that: the media forwarding server is connected to the private network proxy using the Transmission Control Protocol.
5. The multimedia communication proxy system capable of traversing network address translation and firewalls as claimed in claim 1, characterized in that: the private network proxy is connected to the public network proxy using the Transmission Control Protocol.
6. The multimedia communication proxy system capable of traversing network address translation and firewalls as claimed in claim 1, characterized in that: the standard signaling sent from the private network gateway to the private network proxy and from the private network proxy to the public network proxy comprises the various signaling of H.323, SIP and MGCP call procedures.
7. A method for making multimedia data traverse network address translation and firewalls using the multimedia communication proxy system of claim 1, characterized in that it comprises the following steps:
(1) the private network gateway sends a registration request to the private network proxy; the private network proxy then requests the public network proxy to allocate a corresponding port to replace the registration port of the private network gateway, and the allocated port information is returned to the private network proxy; the address information is modified by the private network proxy and then forwarded to the public network soft-switch platform;
(2) a call channel is set up between the private network proxy and the public network proxy: when the signaling listening port of the private network proxy receives a call admission request, it determines whether the called gateway is managed by the same private network proxy; if so, the called gateway's address is sent to the calling gateway; otherwise it determines whether the called gateway is managed by a different private network proxy in the same private network; if so, the called gateway's address is sent to the calling gateway; otherwise the called gateway's address is obtained through communication between the private network proxy and the public network proxy;
(3) the private network proxy and the public network proxy cooperate to carry out call setup between the private network gateway and the public network equipment and to negotiate media addresses; the private network proxy then cooperates with the media forwarding server to set up a multimedia channel;
(4) multimedia data is forwarded over the multimedia channel thus set up.
8. The method for making multimedia data traverse network address translation and firewalls as claimed in claim 7, characterized in that: before step (1), a Transmission Control Protocol connection is set up between the private network proxy and the public network proxy.
9. The method for making multimedia data traverse network address translation and firewalls as claimed in claim 7, characterized in that: the media forwarding server and the private network proxy are connected using the Transmission Control Protocol.
CNB2004100840706A 2004-10-18 2004-10-18 Multimedia communication proxy system and method capable of crossing network address conversion and firewall Expired - Fee Related CN100493048C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2004100840706A CN100493048C (en) 2004-10-18 2004-10-18 Multimedia communication proxy system and method capable of crossing network address conversion and firewall

Publications (2)

Publication Number Publication Date
CN1764172A CN1764172A (en) 2006-04-26
CN100493048C true CN100493048C (en) 2009-05-27

Family

ID=36748119

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2004100840706A Expired - Fee Related CN100493048C (en) 2004-10-18 2004-10-18 Multimedia communication proxy system and method capable of crossing network address conversion and firewall

Country Status (1)

Country Link
CN (1) CN100493048C (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: BEIJING ZHONGHE RONGZHI ELECTRONICS TECHNOLOGY CO.

Free format text: FORMER OWNER: BEIJING VANLINK NETWORK TECHNOLOGY CO., LTD.

Effective date: 20140208

C56 Change in the name or address of the patentee

Owner name: BEIJING VANLINK NETWORK TECHNOLOGY CO., LTD.

Free format text: FORMER NAME: BEIJING VANLINK NETWORK TECHNOLOGIES CO., LTD.

COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 100101 XICHENG, BEIJING TO: 100083 HAIDIAN, BEIJING

CP03 Change of name, title or address

Address after: 100101, Beijing, Xicheng District, South Beach, No. 8 South, east two

Patentee after: Beijing Vanlink network technology Limited by Share Ltd.

Address before: 100101, No. 8, South Beach, Desheng East, Beijing, two East

Patentee before: Wanlinke Network Technology Co.,Ltd. Beijing

TR01 Transfer of patent right

Effective date of registration: 20140208

Address after: 100083 Beijing City, Haidian District Zhongguancun Road No. 18 smartfortune International Building, block C room 2012

Patentee after: Beijing Zhonghe Rongzhi Electronics Technology Co.,Ltd.

Address before: 100101, Beijing, Xicheng District, South Beach, No. 8 South, east two

Patentee before: Beijing Vanlink network technology Limited by Share Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090527

Termination date: 20171018
